An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
CVE-2018-6789
Score elevated to 9.8 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 9.8 retained for reference. Confidence: HIGH.
- Actively exploited in the wild (CISA-KEV)
A fix is available — apply it.
- CVSS v3
- 9.8
- EG Score
- 9.8(high)
- EPSS
- 99.6%
- KEV
- ⚠ Exploited
Published
February 8, 2018
Last Modified
November 7, 2025
Advisory Details (9)
Auto-updated Jun 1, 2026[SECURITY] [DLA 1274-1] exim4 security update
https://lists.debian.org/debian-lts-announce/2018/02/msg00009.htmlexim - Exim Forgejo
https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1Exim Off-by-one RCE: Exploiting CVE-2018-6789 with Fully Mitigations Bypassing | DEVCORE
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/oss-security - CVE-2018-6789 Exim 4.90 and earlier: buffer overflow
http://www.openwall.com/lists/oss-security/2018/02/07/2oss-security - Exim 4.90.1 released. (Was: CVE-2018-6789 Exim 4.90 and earlier: buffer overflow)
http://openwall.com/lists/oss-security/2018/02/10/2Patch Availability(1)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | eximon4 (4.86.2-2ubuntu2.3) @ xenial | 2026-07-18 | ubuntu |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Weakness Classification(2)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
All Vendor Advisories
(1)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Data Freshness Timeline
(refreshed 84× in last 7d / 340× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 592 total refreshes for this CVE.
- 2026-07-18 07:19 UTCVendor advisory
- 2026-07-18 07:19 UTCGHSA enrichment
- 2026-07-18 03:30 UTCVendor advisory
- 2026-07-18 03:30 UTCGHSA enrichment
- 2026-07-17 23:42 UTCVendor advisory
- 2026-07-17 23:42 UTCGHSA enrichment
- 2026-07-17 19:54 UTCVendor advisory
- 2026-07-17 19:54 UTCGHSA enrichment
- 2026-07-17 16:06 UTCGHSA enrichment
- 2026-07-17 12:18 UTCGHSA enrichment
- 2026-07-17 08:30 UTCEG score recompute
- 2026-07-17 08:30 UTCGHSA enrichment
- 2026-07-17 04:41 UTCGHSA enrichment
- 2026-07-17 00:52 UTCGHSA enrichment
- 2026-07-16 21:04 UTCGHSA enrichment
- 2026-07-16 17:16 UTCGHSA enrichment
- 2026-07-16 17:04 UTCCISA KEV update
- 2026-07-16 16:59 UTCEPSS rescore
- 2026-07-16 16:59 UTCEPSS rescore
- 2026-07-16 13:27 UTCVendor advisory
- 2026-07-16 13:26 UTCGHSA enrichment
- 2026-07-16 09:39 UTCVendor advisory
- 2026-07-16 09:39 UTCGHSA enrichment
- 2026-07-16 05:52 UTCVendor advisory
- 2026-07-16 05:52 UTCGHSA enrichment
Show 75 moreShow fewer
- 2026-07-16 02:04 UTCVendor advisory
- 2026-07-16 02:04 UTCGHSA enrichment
- 2026-07-15 22:17 UTCVendor advisory
- 2026-07-15 22:17 UTCGHSA enrichment
- 2026-07-15 18:30 UTCVendor advisory
- 2026-07-15 18:30 UTCGHSA enrichment
- 2026-07-15 16:55 UTCEPSS rescore
- 2026-07-15 16:49 UTCCISA KEV update
- 2026-07-15 15:04 UTCCISA KEV update
- 2026-07-15 14:42 UTCGHSA enrichment
- 2026-07-15 10:52 UTCGHSA enrichment
- 2026-07-15 07:04 UTCGHSA enrichment
- 2026-07-15 03:16 UTCVendor advisory
- 2026-07-15 03:16 UTCGHSA enrichment
- 2026-07-14 23:28 UTCVendor advisory
- 2026-07-14 23:28 UTCGHSA enrichment
- 2026-07-14 19:40 UTCVendor advisory
- 2026-07-14 19:40 UTCGHSA enrichment
- 2026-07-14 18:05 UTCCISA KEV update
- 2026-07-14 15:53 UTCGHSA enrichment
- 2026-07-14 12:04 UTCGHSA enrichment
- 2026-07-14 08:16 UTCGHSA enrichment
- 2026-07-14 04:27 UTCVendor advisory
- 2026-07-14 04:27 UTCGHSA enrichment
- 2026-07-14 00:39 UTCVendor advisory
- 2026-07-14 00:39 UTCGHSA enrichment
- 2026-07-13 22:27 UTCEPSS rescore
- 2026-07-13 20:52 UTCVendor advisory
- 2026-07-13 20:52 UTCGHSA enrichment
- 2026-07-13 17:07 UTCCISA KEV update
- 2026-07-13 17:05 UTCVendor advisory
- 2026-07-13 17:05 UTCGHSA enrichment
- 2026-07-13 13:17 UTCVendor advisory
- 2026-07-13 13:17 UTCGHSA enrichment
- 2026-07-13 09:28 UTCVendor advisory
- 2026-07-13 09:28 UTCGHSA enrichment
- 2026-07-13 05:40 UTCVendor advisory
- 2026-07-13 05:40 UTCGHSA enrichment
- 2026-07-13 01:52 UTCVendor advisory
- 2026-07-13 01:52 UTCGHSA enrichment
- 2026-07-12 22:05 UTCVendor advisory
- 2026-07-12 22:05 UTCGHSA enrichment
- 2026-07-12 18:17 UTCVendor advisory
- 2026-07-12 18:17 UTCGHSA enrichment
- 2026-07-12 14:27 UTCVendor advisory
- 2026-07-12 14:27 UTCGHSA enrichment
- 2026-07-12 10:39 UTCVendor advisory
- 2026-07-12 10:39 UTCGHSA enrichment
- 2026-07-12 06:51 UTCVendor advisory
- 2026-07-12 06:51 UTCGHSA enrichment
- 2026-07-12 03:03 UTCGHSA enrichment
- 2026-07-11 23:15 UTCVendor advisory
- 2026-07-11 23:15 UTCGHSA enrichment
- 2026-07-11 19:27 UTCVendor advisory
- 2026-07-11 19:27 UTCGHSA enrichment
- 2026-07-11 15:39 UTCVendor advisory
- 2026-07-11 15:39 UTCGHSA enrichment
- 2026-07-11 11:52 UTCVendor advisory
- 2026-07-11 11:52 UTCGHSA enrichment
- 2026-07-11 08:03 UTCVendor advisory
- 2026-07-11 08:03 UTCGHSA enrichment
- 2026-07-11 04:15 UTCVendor advisory
- 2026-07-11 04:15 UTCGHSA enrichment
- 2026-07-11 00:27 UTCVendor advisory
- 2026-07-11 00:27 UTCGHSA enrichment
- 2026-07-10 20:40 UTCVendor advisory
- 2026-07-10 20:40 UTCGHSA enrichment
- 2026-07-10 17:52 UTCCISA KEV update
- 2026-07-10 16:51 UTCVendor advisory
- 2026-07-10 16:51 UTCGHSA enrichment
- 2026-07-10 13:03 UTCGHSA enrichment
- 2026-07-10 09:16 UTCGHSA enrichment
- 2026-07-10 05:28 UTCGHSA enrichment
- 2026-07-10 01:39 UTCVendor advisory
- 2026-07-10 01:38 UTCGHSA enrichment
Publicly available exploits
(6 references)Working exploit code is in the public domain (4 GitHub PoCs) (2 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- GitHub PoCthistehneisen/CVE-2018-6789-Python3First seen Aug 5, 2023
Exim < 4.90.1 RCE Vulnerability remake for Python3 with arguments passed from CLI
Open source ↗ - GitHub PoCmartinclauss/exim-rce-cve-2018-6789First seen Mar 2, 2020
This repository provides a learning environment to understand how an Exim RCE exploit for CVE-2018-6789 works.
Open source ↗ - GitHub PoCsynacktiv/Exim-CVE-2018-6789First seen Oct 10, 2019
PoC materials to exploit CVE-2018-6789
Open source ↗ - Open source ↗GitHub PoCberaphin/CVE-2018-6789First seen Nov 8, 2018
- Exploit-DBEDB-45671First seen Oct 24, 2018
exim 4.90 - Remote Code Execution
Open source ↗ - Exploit-DBEDB-44571First seen May 2, 2018
Exim < 4.90.1 - 'base64d' Remote Code Execution
Open source ↗
Related CVEs(same vendor + same CWE)
Same vendor
10 shownubuntu
Same CWE
10 shownCWE-119 · CWE-120
Frequently asked(6)
What is CVE-2018-6789?
When was CVE-2018-6789 disclosed?
Is CVE-2018-6789 actively exploited?
What is the CVSS score of CVE-2018-6789?
Which products are affected by CVE-2018-6789?
How do I remediate CVE-2018-6789?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2018-6789
Is Your Infrastructure Affected by CVE-2018-6789?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.